SecurityWeek

Mandiant's M-Trends 2024 report shows that defenses are improving – and that may be true. But the reality remains that these same statistics demonstrate that if anything, the attackers still retain the upper hand.

Russia-linked APT28 deploys the GooseEgg post-exploitation tool against numerous US and European organizations.

UnitedHealth confirms that personal and health information was stolen in a ransomware attack that could cost the company up to $1.6 billion.

Palo Alto Networks firewall vulnerability CVE-2024-3400, exploited as a zero-day, impacts a Siemens industrial product.

The LockBit ransomware gang leaks data allegedly stolen from government contractor Tyler Technologies.

Microsoft PlayReady vulnerabilities that could allow rogue subscribers to illegally download movies from popular streaming services.

Vulnerabilities in Palo Alto Networks Cortex XDR allowed a security researcher to turn it into a malicious offensive tool.

A hack that caused a small Texas town’s water system to overflow in January has been linked to a shadowy Russian hacktivist group, the latest case of a U.S. public utility becoming a target of foreign cyberattacks.

CrushFTP patches a zero-day vulnerability allowing unauthenticated attackers to escape the VFS and retrieve system files.

Shadowserver has identified roughly 6,000 internet-accessible Palo Alto Networks firewalls potentially vulnerable to CVE-2024-3400.

MITRE R&D network hacked in early January by a state-sponsored threat group that exploited an Ivanti zero-day vulnerability.

Cannes Hospital Centre – Simone Veil cancels medical procedures after shutting down systems in response to a cyberattack.